<?php
$base_userapi_url = 'http://platypus01.stg.daylife.com/xmlrest/userapi/1.0/';
$base_authapi_url = 'http://userdb01.stg.daylife.com/xmlrest/authapi/1.0/';


#$action = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : NULL;
$email_addr = (isset($_REQUEST['email_address'])) ? $_REQUEST['email_address']:NULL;
$password = (isset($_REQUEST['password'])) ? $_REQUEST['password']:NULL;

if (($email_addr === NULL) || ($password === NULL)) {
	#enough data no provided
	$response = array('code' => '-1', 'message' => 'missing email address or password', 'payload' =>'');
	echo json_encode($response);
	exit(0);
}

#validate daylife.com credentials
$auth = loginuser($email_addr, $password);

if ($auth === NULL) {
	#auth failed
	$response = array('code' => '-2', 'message' => 'api credentials not valid', 'payload' =>'');
	echo json_encode($response);
	exit(0);
}

$webuser_id = $auth['webuser_id'];

#get API creds if any
$apiaccess = getAPIAccessInfo($webuser_id);

if ($apiaccess === NULL) {
	#no api creds, create some
	$createcreds = createAccesskey($webuser_id, $password);
	$apiaccess = getAPIAccessInfo($webuser_id);
	if ($apiaccess === NULL) {
		#create accesskey failed
		$response = array('code' => '-3', 'message' => 'creation of API keys failed', 'payload' =>'');
		echo json_encode($response);
		exit(0);		
	}
}
$response = array(
				'code' => '1',
				'message' => 'Success',
				'payload' => 
				array(
					'auth_token' => $auth['auth_token'], 
					'webuser_id' =>$auth['webuser_id'], 
					'full_name' =>$auth['full_name'],
					'accesskey' => $apiaccess['accesskey'], 
					'sharedsecret' =>$apiaccess['sharedsecret'],
				)
			);
echo json_encode($response);
exit(0);	


function loginUser($email_addr=NULL, $password=NULL) {
	
	if (($email_addr === NULL) || ($password === NULL)) {
		return NULL;
	}
	
	global $base_userapi_url;
	
	try {
		$request_url = $base_userapi_url .  
				'loginUser?email_addr=' . 
				urlencode($email_addr) . 
				'&password=' . 
				$password;
			
		$auth_xml = simplexml_load_file($request_url) or die ("userapi unavailable");
		
		if (isset($auth_xml->payload->auth_token)) {
	        
	        $auth_token = (string)$auth_xml->payload->auth_token[0];
	        $webuser_id = (string)$auth_xml->payload->user->webuser_id[0];
	        $full_name = (string)$auth_xml->payload->user->webuser_name[0];
	        
	        return array('auth_token' => $auth_token, 
						 'webuser_id' =>$webuser_id, 
						 'full_name' =>$full_name
						 );
	    }
			
	}
	catch (Exception $e) {
		return NULL;
	}
	
return NULL;
	
}

function getAPIAccessInfo($webuser_id=NULL) {
	
	if ($webuser_id === NULL) {
		return NULL;
	}
	
	global $base_authapi_url;
	
	try {
		
		$request_url = $base_authapi_url .
						'getAPIAccessInfoByWebuserId?webuser_id=' .
						$webuser_id;
		
		$api_xml = simplexml_load_file($request_url) or die ("authapi unavailable");
		if (isset($api_xml->payload->accesskey)) {
			$accesskey =  (string)$api_xml->payload->accesskey[0];
			$sharedsecret =  (string)$api_xml->payload->sharedsecret[0];
			return array('accesskey' => $accesskey, 'sharedsecret' =>$sharedsecret);
		}
	}
	catch (Exception $e) {

		return NULL;

	}
return NULL;
}

function createAccesskey($webuser_id, $password) {
	
	if (($webuser_id === NULL) || ($password === NULL)) {
		return NULL;
	}
	
	global $base_authapi_url;
	
	$accesskey = md5($webuser_id . '0');
	$sharedsecret = md5($password . '0');
	
	try {
		#addNewAccessKey?webuser_id=111000000000000455&apiaccesskey=c59e425eeadf0c5dd02ab705558bade3&sharedsecret=7453a250c99060932c086f425d65a3ec
		$request_url =  $base_authapi_url .
						'addNewAccessKey?webuser_id=' .
						$webuser_id .
						'&apiaccesskey=' .
						$accesskey .
						'&sharedsecret=' .
						$sharedsecret;
		
		$api_xml = simplexml_load_file($request_url) or die ("authapi unavailable");
		return true;
	}
	catch (Exception $e) {
		return NULL;
	}
return NULL;
}

?>
